JSW 2016 Vol.11(7): 677-684 ISSN: 1796-217X
doi: 10.17706/jsw.11.7.677-684
doi: 10.17706/jsw.11.7.677-684
A Model Guided Security Analysis Approach for Android Applications
Yan Zhang1, 2*, Zhoujun Li1, Dianfu Ma1
1School of Computer Science and Engineering, Beihang University, Beijing, China.
2School of Mathematics and Computer Science, Hubei University, Wuhan, China.
Abstract—Revealing security vulnerabilities is one of great challenges for the Android ecosystem. Static analysis is the usual approach of the security analysis for computer software. However, it is undirected and time-consuming for the common static analysis methods to analyze the entire Android application system-atically from the main entry point. In order to adapt to the event-driven feature of Android applications, a model guided security analysis approach for Android applications is introduced and implemented into the prototype tool MSAS. This approach builds and utilizes the Operation Security Model to guide the targeted analysis process, and then concentrate on the identified analysis surface to reduce analysis workload, thereby achieving fast analysis speed and on-demand code coverage based on the security rules. The test result shows that this approach can improve the efficiency and effect of security analysis for Android appli-cations, and it has revealed 11 security vulnerabilities by analyzing several popular Android applications.
Index Terms—Model guided analysis, security analysis, Android application security, static analysis, vulnera-bility discovery.
2School of Mathematics and Computer Science, Hubei University, Wuhan, China.
Abstract—Revealing security vulnerabilities is one of great challenges for the Android ecosystem. Static analysis is the usual approach of the security analysis for computer software. However, it is undirected and time-consuming for the common static analysis methods to analyze the entire Android application system-atically from the main entry point. In order to adapt to the event-driven feature of Android applications, a model guided security analysis approach for Android applications is introduced and implemented into the prototype tool MSAS. This approach builds and utilizes the Operation Security Model to guide the targeted analysis process, and then concentrate on the identified analysis surface to reduce analysis workload, thereby achieving fast analysis speed and on-demand code coverage based on the security rules. The test result shows that this approach can improve the efficiency and effect of security analysis for Android appli-cations, and it has revealed 11 security vulnerabilities by analyzing several popular Android applications.
Index Terms—Model guided analysis, security analysis, Android application security, static analysis, vulnera-bility discovery.
Cite: Yan Zhang, Zhoujun Li1, Dianfu Ma, "A Model Guided Security Analysis Approach for Android Applications," Journal of Software vol. 11, no. 7, pp. 677-684, 2016.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsw@iap.org
-
Apr 26, 2021 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Nov 18, 2021 News!
Papers published in JSW Vol 16, No 1- Vol 16, No 6 have been indexed by DBLP [Click]
-
Dec 24, 2021 News!
Vol 15, No 1- Vol 15, No 6 has been indexed by IET-(Inspec) [Click]
-
Nov 18, 2021 News!
[CFP] 2022 the annual meeting of JSW Editorial Board, ICCSM 2022, will be held in Rome, Italy, July 21-23, 2022 [Click]
-
Aug 01, 2023 News!